gixy | dist
---|---
9 | 3
8,153 | 111
0.2% | 0.0%
4.3 | 5.6
4 months ago | 3 days ago
Python | Shell
GNU General Public License v3.0 or later | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gixy
- If is Evil when used in location context
- Gixy is a tool to prevent Nginx security misconfiguration
- GitHub - yandex/gixy: Nginx configuration static analyzer
- Gixy: Nginx Configuration Static Analyzer
- Leaking Bitwarden's Vault with a Nginx vulnerability
  https://github.com/yandex/gixy/blob/master/docs/en/plugins/a...
  (and nixos automatically runs gixy on a configuration generated through it, so the system refuses to build <3)
- Avoiding the Top Nginx Configuration Mistakes
  * [alias_traversal] Path traversal via misconfigured alias
  The alias traversal gotcha is one of the most pernicious I've seen. A single, seemingly innocuous '/' is the difference between a path traversal vulnerability or not.
  [0]: https://github.com/yandex/gixy#what-it-can-do
- 2 of my servers got hacked last night around the same time.
  Not sure what the exact reason is, but nginx has the vulnerability of a misconfigured nginx.conf. I recommend using https://github.com/yandex/gixy to check whether your nginx config files have any sort of misconfig or not.
- GIXY – Nginx configuration static analyzer
- Common Nginx misconfigurations that leave your web server open to attack
dist
- Leaking Bitwarden's Vault with a Nginx vulnerability
- caddy webserver not working
  Either you have two instances of caddy running or your issue lies in the Caddyfile / systemd unit.
- Nginx Modern Reference Architectures
  What I meant was using OCSP status (from stapling) to trigger reissuance on revocation. I don't think this can be done with nginx and certbot unless nginx makes its OCSP status available for the certbot client to read from, or having an event trigger in nginx somehow to get certbot to run. Either way, it's extra faff that you don't need to worry about with Caddy.
  > which can run on port 80/443 without iptables hacks
  Not sure what you mean. Do you mean that you need root to bind to those ports? In which case, you can give the process CAP_NET_BIND_SERVICE which lets it. Caddy's systemd service does this, and runs as a non-root user: https://github.com/caddyserver/dist/blob/2ceb535e076ed9b3083...
What are some alternatives?
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
static-web-server - A cross-platform, high-performance and asynchronous web server for static files-serving. ⚡
caddy-ratelimit
merecat - Small and made-easy HTTP/HTTPS server based on Jef Poskanzer's thttpd
materialize - Materialize, a web framework based on Material Design
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
manix - A fast CLI documentation searcher for Nix.
grpc-go - The Go language implementation of gRPC. HTTP/2 based RPC